WPScan is a free, open-source WordPress security scanner developed by a team of security professionals. It is designed to help website owners and security experts assess the security of their WordPress-powered websites
The tool is written in Ruby and can be used to detect a wide range of vulnerabilities, including outdated WordPress core, plugin, and theme versions, as well as common security misconfigurations. WPScan can also be used to enumerate WordPress users and identify potential attack vectors.
You can find more information at
https://github.com/wpscanteam/wpscan
The easiest way to use is is using docker. First, you need to install docker, you can find instructions at https://serverok.in/docker
Once you have docker installed, you can run it with the command:
docker run -it --rm wpscanteam/wpscan --url URL_OF_SITE_TO_SCAN